Le 30/01/2019 à 16:22, Nicolas Kovacs a écrit : > Some time ago I wrote an introductory article about SELinux on my blog. > I'm currently updating it for my new blog, and I found a curious change > in SELinux policy. Here goes. > > For demonstration purposes, I'm using some static webpages, more exactly > the default pages found in /usr/share/httpd/noindex, which I simply > copied over to /var/www/html. > > As a first practical example, I'm copying this stuff over to /tmp/backup > and then move it back again. A vaguely similar example has been given by > Thomas Cameron in his presentation "SELinux for mere mortals", and I'm > reproducing it here with some minor modifications. > > $ cd /var/www/html/ > $ mkdir /tmp/backup > $ cp -R * /tmp/backup/ > $ rm -rf * > $ mv /tmp/backup/* . > $ find . -type d -exec chmod 0755 {} \; > $ find . -type f -exec chmod 0644 {} \; > > When I wrote the article back in november 2017, this resulted in a > classic "Forbidden" error, since the SELinux context of these files is > not httpd_sys_content_t as it should be, but user_tmp_t. > > But when I try to repeat the experiment now, Apache shows no error. > Which seems strange. > > Any idea what's going on ? The tl;dr version of my last post is : Apache is not supposed to show static web pages with a user_tmp_t SELinux context. So why does it show them anyway ? Cheers, Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : info@xxxxxxxxxxxxx Tél. : 04 66 63 10 32 _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos